Will the cloud have its own Deepwater Horizon disaster?

A new Pew internet survey on the future of cloud computing gives voice to an …

A new Pew Internet survey of 900 Internet experts leads with a headline finding that will surprise few: the experts largely agree that, by 2020, we'll all be computing in the cloud. But an even more interesting notion is buried in one corner of the report, and it's an idea that came up in two of the three cloud interviews I did in the wake of Wired/Ars Smart Salon. This notion is that, at some point, there will be a massive data breach—a kind of cloud version of the Deepwater Horizon disaster, but pouring critical data out into the open instead of oil—and that this breach will cause everyone from private industry to government regulators to rethink what cloud computing can and cannot do.

"We'll have a huge blow up with terrorism in the cloud and the PC will regain its full glory," said R. Ray Wang, a partner in The Altimeter Group and a blogger on enterprise strategy. "People will lose confidence as cyber attacks cripple major systems. In fact, cloud will be there but we'll be stuck in hybrid mode for the next 40 years as people live with some level of fear."

The Mozilla Foundation's Nathaniel James concurs, telling Pew to "expect a major news event involving a cloud catastrophe (security breach or lost data) to drive a reversion of these critical resources back to dedicated computing."

Nicholas Carr and Accenture's Joe Tobolski floated this same idea—that a high-profile cloud catastrophe would probably cause us to pause for a moment and rethink things—in their interviews with Ars.

Sure, that's only four experts in as many weeks, but the idea seems to be in the air. And it certainly makes sense, given that ever larger pools of highly sensitive data are forming out there in the cloud, pools that become even more enticing to hackers as they grow larger. If a service like Mint, for instance, were to be seriously compromised, the damage could be enormous. Even worse would be a major vulnerability in Amazon S3, which might expose critical business data to attackers.

Of course, it's impossible to say how likely we are to see such a disaster. But, whether we ever see a game-changer of a breach or not, the cloud jitters are definitely here to stay, even among the most tech savvy execs, pundits, and users. Indeed, what's remarkable about the report is just how widespread the unease is, as voiced succinctly by one Barry Wellman: "Trust not the cloud for reliability, security, privacy." At least, don't trust it quite yet.

As Joe pointed out in his interview, you can actually boil down all of these concerns, justified or not, to the core issue of ownership. The anxiety that comes with not owning and operating an important piece of infrastructure—whether personal or business—gets expressed in terms of reliability, security, privacy, and lock-in, but at root it's all about ownership and control.

My own struggles with cloud lock-in

I can definitely identify with the anxiety that comes with not owning an important part of your computing experience, and at this point, so can everyone who uses Facebook. The Diaspora project, a Facebook alternative, is P2P precisely for this reason—it wants to enable you to regain ownership of your network by literally owning the physical hardware that your social graph lives on.

As the Facebook privacy saga has shown, terms of service (ToS) can also change in a heartbeat, and then change again, often in ways that users don't like. Cloud companies can also change their business models, or they can get acquired, placing the future of their service in doubt.

I've recent run into the latter two issues with two cloud services that I've used, Ning and DabbleDB. Before these two incidents, I had an intellectual understanding of the risks inherent in not owning your own servers, but that understanding hadn't yet translated into genuine anxiety.

After seeing what the Wired guys did with Haiti Rewired, I set up a Ning network for my local church here in San Francisco. The plan was to do a small trial run by setting up a business networking group for church members, since we have quite a few tech, finance, and media types who attend; if that worked, I had planned to advocate for hosting the entire church website on Ning. After all, Ning wasn't just great software—it was free (as in beer)!

At least, it was free until May 4, at which point the service started charging network creators. All of a sudden, it didn't seem like as good of an idea. It's not that it's too expensive—it's that the sudden change in the nature of the service stopped me cold and made me think, "if we really invest in this platform as a community, what happens when Ning makes a change that we really don't like? What happens if they close up shop?" At that point, I was done with the Ning idea, because in 20 years my church community will still be around, but Ning may not.

The second incident happened this morning, when I read that Twitter is buying the company behind DabbleDB. I use DabbleDB to keep track of billing, scheduling, editing, and production for Ars Technica's long-form, feature content. Dabble is unintuitive and generally a pain to get up to speed on, but it works, and I can give filtered, controlled access to the features database to other people who need to see the features pipeline—our copy editor, our ad sales team, our creative director, etc.

Well, now I get to go look for a replacement, because it's not clear that DabbleDB will be around as a Web database product for much longer. This is painful, because I've invested a nontrivial amount of my time in the application that I built. (Admittedly, if Dabble were easier to use, maybe that would've been only a trivial amount of time; it's not like my application is all that complex, and everyone besides me still hates it and can't quite figure it out.)

I'll probably just use Filemaker Pro 11 and publish it via my home network, since I have a static IP. That way, I don't have to worry about another cloud database company cutting me off. If I do end up with a cloud-based replacement for Dabble, I'll be going with the rule that bigger and older is better. Services from a Microsoft or an Amazon are much more likely to be around for as long as I need them, and in a stable form that I can depend on.

Because they're aiming their services at businesses, and because they've been in business long enough to know how it works, these companies are on the hook for a level of predictability that startups and larger, consumer-focused companies run by inexperienced young execs are not.